Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
History

Thu, 27 Mar 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Mintplexlabs
Mintplexlabs anythingllm
Weaknesses CWE-764
CPEs cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
Vendors & Products Mintplexlabs
Mintplexlabs anythingllm
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 27 Mar 2025 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 27 Mar 2025 11:00:00 +0000

Type Values Removed Values Added
Description Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
Weaknesses CWE-203

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-02-25T16:25:11.963Z

Updated: 2025-03-27T10:44:21.296Z

Reserved: 2024-01-11T18:58:30.511Z

Link: CVE-2024-0436

cve-icon Vulnrichment

Updated: 2024-08-01T18:04:49.780Z

cve-icon NVD

Status : Modified

Published: 2024-02-26T16:27:50.283

Modified: 2025-03-27T11:15:35.710

Link: CVE-2024-0436

cve-icon Redhat

No data.